How to Play it Safe in an Internet Café

| March 30, 2010 | 23 Comments
internetcafe How to Play it Safe in an Internet Café

Bottom line—how big is the risk, really?

Identity theft is an increasingly common occurrence—and the situation is likely to get worse in coming years. As a backpacker, working and blogging at an internet café puts you at particular risk because there is no simple sure-fire way to ensure that the computer on which you are working is free of malware, such as trojans or keyloggers. But how big is the risk to your average everyday traveller?

One simple step backpackers can take to better protect themselves from becoming a victim—never enter personal data while on a public computer. It is simply unsafe to enter passwords and private information while in an internet café owing to the proliferation of spyware, which is capable of tracking your keystrokes.

Keystroke recorders—known colloquially as keyloggers—are particularly dangerous because they are capable of recording your keystrokes and therefore can be used to steal logins and passwords to online accounts. That being said, there are a few simple ways to mitigate the risks posed by keystroke recorders.

1. Check for hardware keyloggers

keylogger 150x150 How to Play it Safe in an Internet Café

A hardware keylogger dongle...

A hardware keylogger is a small, inconspicuous USB device that is plugged into a computer between the keyboard and the tower. Unfortunately, a keylogger may be virtually indistinguishable from an extension cable or other device. Once installed, however, it captures all keystrokes into its own memory. This kind of device is completely self-contained and works just as well on a Mac as on a Windows system. The principal weakness of this particular keylogger—at least the varieties that are commonly available—is that it’s not remotely accessible. Therefore, the person who installed it has to return to retrieve the data from the device.

How can you protect yourself from this particular threat? When first logging into a terminal at an internet café, it’s a good idea to physically inspect the keyboard PS/2 or USB cables for ‘security breaches’. However, external hardware keyloggers are very difficult to detect. For example, there are a number of keyloggers that that built right into the keyboard! That being said, I suspect that hardware keyloggers are not very common in internet cafe—malicious software is a much more attractive option for those that want to gather information. Let’s face it, physical keyloggers attached to directly to a computer increase the likelihood of getting caught.

2. Run an operating system from a USB stick

It’s not always practical for vagabonds to carry a PC when on the road (even if it’s a netbook) and it’s often handy to do a quick Google search or check browser-based e-mail  at an internet café. But terminals at internet cafés don’t have your familiar desktop and personal files on them. Depending on where you are, they may not even have the applications needed to read and edit your data files on them. Still worse, they might be infected with viruses, trojans or worms. The solution?

With fast high-capacity USB thumb drives, you no longer need to bring a laptop along with you when you want to run your own applications and access your own data. Indeed, many people are adopting open source applications that load and run directly from a USB thumb drive. This means that backpackers can take along important applications and files along with them—a “computer on a stick” if you will! In fact, many of these USB thumb drive computers have applications which encode keystrokes in order to fool software-based keyloggers!

One such solution is an open-sourced Linux-based operating system, which comes complete with a suite of great applications. What is the advantage offered by such a solution? You will no longer be dependent on a PC running Microsoft Windows! Instead, all you will require is a PC that capable of booting from a USB port to run your “computer on a stick”!

Pendrivelinux.com is a site which offers a wide selection of available operating systems suitable for booting from a USB stick. The site includes simple and detailed instructions on how to load and run your very own USB flash drive–based Linux OS. And the best part? The software is free!

The downside?  Most internet cafés in countries which see a lot of backpackers are going be pretty well run—and they’ll all have software in them to keep their systems locked down. Most proprietors won’t take kindly to you rebooting their PCs and working ‘off the clock’. Of course, if you grease the palm of the person behind the counter running the café, you might be able to convince them. Bottom line, however, I would not plan on being able to run an OS off of a USB drive.

3. Bring your own system

This is the best—but not necessarily the most practical—solution. Netbooks offer a secure alternative to the ubiquitous internet cafés that line the tourist trail. Coupled with a good virtual private network (VPN), they offer a means to pay bills, make purchases and check bank accounts.

In our opinion—the HP Mini 110 is one of the best netbook options in the sub-$400 budget netbook category. It offers a nice hardware configuration, a good-looking design and an excellent keyboard. The HP is a very nice option for those on the lookout for a low-cost netbook that they can toss into their packs. For these reasons, it has won itself a place in both our real-world and virtual backpack! Check out our article here.

Conclusion

Ideally you should simply avoid online banking, shopping or other transactions that require you to enter sensitive information such as credit card or personal bank account details. If the matter is urgent, however, and you have to do it, take the precaution of changing all your passwords as soon as feasible from a more trusted computer.

Anil Polat, who worked as a security engineer for almost six years, has become an expert on advising companies how to better secure their networks and systems. He has since taken this expertise on the road and now does freelance security work, in addition to writing about technology and travel. In an article entitled “How To Keep Your Online Accounts Safe At Internet Cafés”, Anil offers up the following:

Don’t access any sensitive accounts. An obvious one, but it’s not a good idea to check your bank account, personal email or other sites that may be sensitive depending where in the world you are visiting. There are many parts of the world where you may not want anyone to know your nationality or would want to keep your browsing confidential. The best bet is to bring your own.

Bottom line—how significant is the risk, really? The answer to that is: “It depends”. I would expect busy internet cafés not far from the tourist track to be fairly reasonable risks. Busy internet cafés, airport terminals, libraries and the like seem like ‘target rich environments’ for potential keyloggers. These are certainly places where I’d make sure to take safety measures.

Less busy areas? Perhaps not so much. Regardless, it is possible—and moreover—it’s not all that hard for someone who’s technically savvy.


Related Posts


Tags: ,

Category: Articles

About the Author ()

For nearly ten years now, Daniel of Two Go Round-The-World has explored how travel captures our imagination and engages our deepest emotions. One half of the duo that maintains the widely read Two Go Round-The-World blog, Daniel treats his subjects not only as works of art but also as symbols of the cultural and political forces that inspire them. His latest book, The Physics of Flocking, gathers his favourite writing featured over the past two years on Two Go Round-The-World in columns like 'Looking Back' and 'The Whole Picture'—along with new reflections.

Comments (23)

Trackback URL | Comments RSS Feed

  1. Neil says:


    I think this is one of those overstated risks that people spend a lot of time worrying about in proportion to its real risks. I have accessed my online banking from many (probably over a hundred) internet cafes taking only cursory precautions, such as clearing browser cache. I have yet to have a problem. But in general, I chose to solve the problem the easy way…check accounts frequently.

    There’s not a lot that can be done with my Canadian bank account from another country. My savings account can only move money into my chequing account (takes three days to clear), and my chequing account can only pay Canadian companies. Someone gaining unlawful access to my online banking could arrange to use an international money broker to move money, but that’ll take substantial time (about a week) to clear, by which time I would have discovered it and contacted both my bank and the broker. It’s just not an effective fraud technique. Also, even if it clears, my bank insures the account against this kind of fraud, so their loss.

    So I don’t worry much about it.

    And fun fact – did you know that identity theft isn’t as common as people seem to believe? In the US, the FTC collects data on this, and came up with 318,000 cases in 2008 (about 0.1% of the population, 1/3 the number of stolen cars), and this includes cases of household discipline issues where kids stole their parents’ credit cards. I’m not familiar with Canadian data.

    • Daniel says:


      Thanks for the thoughful response, Neil — appreciated especially your comments on identity theft. My experience is similar to yours, although most of my travel was completed in the earlier part of the decase when, I assume, the threat was a lot lower. At the same time, I believe it is important to be prudent — but not paranoid!

  2. Anil says:


    Excellent advice and I like #3 :)

  3. Kathryn says:


    I always worry about this when we’re traveling. For peace of mind, we always bring a laptop — don’t want to risk any trouble while on the road!

  4. Marta says:


    Great tips, I am not normally worry about having to use an internet cafe’ but prefer much more to check it on my own notebook. that said I got once scam just before set off for my rtw trip. not sure if it was through my online banking or some online credit card purchases but in both cases i would had used my own laptop at the time. the good thing is that with my bank, for only £20 a year, I got a fully cover insurance for all my cards so I got easily all my money back (maybe cause it was only a small amount). so now i got a bit more peace of mind when surfing through internet cafe’

  5. Tango Lucy says:


    I agree that its pretty essential nowadays to have your own computing device when you travel. It seems like Apple’s new iPad is going to be the must-have device for travelers cause its so portable and you don’t have to plug it in so often like a laptop. But if you must use an internet cafe, those are good tips!

  6. Brian says:


    All great points and while the risk may be overstated as Neil points out, the risk is there. The problem is just compounded when you in a foreign country and you’re dealing with missing money and/or identity theft.

    Which is why I recommend that you have a bank account you access from the road separate from your main horde of money, just in case it is compromised.

    Also if you’re going to bring your own laptop/netbook that does not mean auto protection from people who would steal your info. You’ve got to have virus protection/personal firewall installed. I got a virus infection in Hong Kong and had to blow my laptop away and start over. I had virus protection installed but it was not very good. Once I got a better one – Kaspersky – I never had a problem again while on my round the world trip.

  7. Bear says:


    I think you guys already said it. Check your email and whatever, but avoid the online banking and making purchases that require credit cards. The same can be said for using all public computers.

  8. Peter says:


    I was originally going to agree with most of the users here and say that the risks are largely over-stated – who cares if they can get into your email? – but i changed my mind halfway upon remembering something I read elsewhere.

    The article was saying that most people use the same password for ALL their sites – email, facebook, banking, etc. And therefore, if a hacker can get into one account, he usually has the password for everything else.

    If looked at from that perspective, then it’s pretty disastrous. The solution is simple, of course – don’t use the same password everywhere – but most people don’t do that.


  9. Yikes – this freaked me out! While I have been wary about using Internet cafes, I use them anyway because I don’t want to go without. I’m not very tech-savvy, so I never knew what precautions to take…never thought about checking for keyloggers! Though I have an iPhone, and now I try to stay places with free wifi so I can just check email through my phone and avoid Internet cafes.

  10. Dave says:


    Nice tips. I’ve got an Eee PC that I plan to use whenever possible to limit my exposure on my RTW trip. Another one that Gary of Everything-Everywhere mentioned is to open a notepad window, then when entering username/password, alternate between browser and notepad and type some junk in the notepad window. The keylogger probably can’t tell what window you’re in and will then get useless info.

  11. Samui Boy says:


    As an avid traveler I have invested in my own portable laptop. It has just an eight in screen, but packed full of all the right programs and software to enable me to work and communicate on the run! Oh and it fits in my backpack.


  12. I am not in a position to view this web site correctly on firefox I believe there is a downside

  13. Josefa says:


    Hi there to every body, it’s my first pay a visit of this weblog; this weblog contains remarkable and in fact good stuff for visitors.

    my site; Josefa


  14. Great site. A great deal of information below. Now i am giving the item to 3 good friends ans furthermore spreading in delectable. And of course, due to your own work!


  15. OakleyWhere To Buy: Available through the Apple Store ornfl
    jerseys’s website. The protocol MTS lider Delegate conforms to the NSO bject protocol contains a method, responds ToSelector:, that can be proud to presenting with. MargaretNfl Jerseys Dayhoff, a biochemist who developed much-used compilations of protein structures, died Saturday of a heart attack at her home in Silver Spring, Md.


  16. Hobby-Fischer sind in der Regel ein Motiv in dieser Person mit der
    Aktualitt der Grund, warum Hobby-Fischer wnschennfl jerseys Glser polarisiert.


  17. If some one wants expert view about blogging afterward
    i suggest him/her to go to see this website, Keep up the fastidious work.


  18. Masa kat kedai makan tadi… ramai yg sembang bab
    nie… saya agak kurang faham… tapi lepas baca
    karangan awak… saya dah mula dapat tangkap maksud diorg…

    terima kasih atas post yang bermanafaat nie..

Leave a Reply